avoid confusion in logged TSIG algorithm names

author Kees Monshouwer <mind04@monshouwer.org>

Mon, 21 Jul 2014 21:44:07 +0000 (23:44 +0200)

committer mind04 <mind04@monshouwer.org>

Mon, 21 Jul 2014 21:53:27 +0000 (23:53 +0200)
author Kees Monshouwer <mind04@monshouwer.org>
Mon, 21 Jul 2014 21:44:07 +0000 (23:44 +0200)
committer mind04 <mind04@monshouwer.org>
Mon, 21 Jul 2014 21:53:27 +0000 (23:53 +0200)
diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc

index 4cfefcb2cd43e564ce5b765b6188c01668818859..e6fa4b77c7eca0b2273eb3a7ea4ce6a2e2d97ec1 100644 (file)
--- a/pdns/tcpreceiver.cc
+++ b/pdns/tcpreceiver.cc
@@ -399,13 +399,16 @@ bool TCPNameserver::canDoAXFR(shared_ptr<DNSPacket> q)
        return false;
      
      DNSSECKeeper dk;
-    
+
+    string algorithm=toLowerCanonic(trc.d_algoName);
+    if (algorithm == "hmac-md5.sig-alg.reg.int")
+      algorithm = "hmac-md5";
      if(!dk.TSIGGrantsAccess(q->qdomain, keyname)) {
-      L<<Logger::Error<<"AXFR '"<<q->qdomain<<"' denied: key with name '"<<keyname<<"' and algorithm '"<<trc.d_algoName<<"' does not grant access to zone"<<endl;
+      L<<Logger::Error<<"AXFR '"<<q->qdomain<<"' denied: key with name '"<<keyname<<"' and algorithm '"<<algorithm<<"' does not grant access to zone"<<endl;
        return false;
      }
      else {
-      L<<Logger::Warning<<"AXFR of domain '"<<q->qdomain<<"' allowed: TSIG signed request with authorized key '"<<keyname<<"' and algorithm '"<<trc.d_algoName<<"'"<<endl;
+      L<<Logger::Warning<<"AXFR of domain '"<<q->qdomain<<"' allowed: TSIG signed request with authorized key '"<<keyname<<"' and algorithm '"<<algorithm<<"'"<<endl;
        return true;
      }
    }
author	Kees Monshouwer <mind04@monshouwer.org>
	Mon, 21 Jul 2014 21:44:07 +0000 (23:44 +0200)
committer	mind04 <mind04@monshouwer.org>
	Mon, 21 Jul 2014 21:53:27 +0000 (23:53 +0200)